A concerning cybersecurity threat has emerged with the discovery of AI-generated fake GitHub repositories designed to distribute malware, including the notorious SmartLoader and Lumma Stealer. These malicious repositories, crafted to appear legitimate,…
The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targe…
How Attackers Exploit BitLocker: Turning Legitimate Tools into Ransomware Weapons Introduction The ransomware landscape is evolving rapidly, with attackers constantly refining their techniques to outwit security defenses. One alarming trend is the weaponization of trusted tools like Microsoft’s BitLocker. Originally designed to safeguard sensitive data through encryption, BitLocker is now being exploited by cybercriminals to […]
The post How Attackers Exploit BitLocker: Turning Legitimate Tools into Ransomware Weapons appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.
Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats.
EncryptHub, a rising cybercriminal entity, has been under scrutiny by multiple threat intelligence teams, including Outpost24’s KrakenLabs. Recent investigations have uncovered previously unseen aspects of EncryptHub’s infrastructure and ta…
SilentCryptoMiner, disguised as a VPN bypass tool, infected over 2,000 Russian users by exploiting weak security measures. Stay vigilant.
The post SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools appeared first on eSecurity Planet.
Over 1,000 malicious packages found using low file counts, suspicious installs, and hidden APIs. Learn key detection methods…
Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. An attacker could exploit the vulnerability to achieve remote code execution on vulnerable servers using Apache and PHP-CGI. The flaw CVE-2024-4577 (CVSS score: 9.8) is […]
Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. The Loretto Hospital is a not-for-profit, community-focused health care provider. They provide healthcare services […]
The malware includes four separate backdoors:
Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possibly by abusing websites that don’t monitor 3rd party dependencies in the browser of their users.
The four backdoors:
The functions of the four backdoors are explained below:
- Backdoor 1, which uploads and installs a fake plugin named “Ultra SEO Processor,” which is then used to execute attacker-issued commands
…